1 files changed, 43 insertions, 14 deletions

diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index 3acc666cf1..7d6fd649ea 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -28,6 +28,10 @@
 #include <stdarg.h>
 #include <errno.h>
 
+#ifndef MAXFQDNLEN
+#define MAXFQDNLEN 255
+#endif
+
 #ifdef _WIN32
 
 #include <windows.h>
@@ -616,7 +620,11 @@ int fcgi_listen(const char *path, int backlog)
 			if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
 				struct hostent *hep;
 
-				hep = gethostbyname(host);
+				if(strlen(host) > MAXFQDNLEN) {
+					hep = NULL;
+				} else {
+					hep = gethostbyname(host);
+				}
 				if (!hep || hep->h_addrtype != AF_INET || !hep->h_addr_list[0]) {
 					fprintf(stderr, "Cannot resolve host name '%s'!\n", host);
 					return -1;
@@ -774,12 +782,21 @@ static inline ssize_t safe_write(fcgi_request *req, const void *buf, size_t coun
 	size_t n = 0;
 
 	do {
+#ifdef _WIN32
+		size_t tmp;
+#endif
 		errno = 0;
 #ifdef _WIN32
+		tmp = count - n;
+
 		if (!req->tcp) {
-			ret = write(req->fd, ((char*)buf)+n, count-n);
+			unsigned int out_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp;
+
+			ret = write(req->fd, ((char*)buf)+n, out_len);
 		} else {
-			ret = send(req->fd, ((char*)buf)+n, count-n, 0);
+			int out_len = tmp > INT_MAX ? INT_MAX : (int)tmp;
+
+			ret = send(req->fd, ((char*)buf)+n, out_len, 0);
 			if (ret <= 0) {
 				errno = WSAGetLastError();
 			}
@@ -802,12 +819,21 @@ static inline ssize_t safe_read(fcgi_request *req, const void *buf, size_t count
 	size_t n = 0;
 
 	do {
+#ifdef _WIN32
+		size_t tmp;
+#endif
 		errno = 0;
 #ifdef _WIN32
+		tmp = count - n;
+
 		if (!req->tcp) {
-			ret = read(req->fd, ((char*)buf)+n, count-n);
+			unsigned int in_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp;
+
+			ret = read(req->fd, ((char*)buf)+n, in_len);
 		} else {
-			ret = recv(req->fd, ((char*)buf)+n, count-n, 0);
+			int in_len = tmp > INT_MAX ? INT_MAX : (int)tmp;
+
+			ret = recv(req->fd, ((char*)buf)+n, in_len, 0);
 			if (ret <= 0) {
 				errno = WSAGetLastError();
 			}
@@ -995,9 +1021,10 @@ static int fcgi_read_request(fcgi_request *req)
 		q = req->env.list;
 		while (q != NULL) {
 			if ((value = zend_hash_str_find(&fcgi_mgmt_vars, q->var, q->var_len)) == NULL) {
+				q = q->list_next;
 				continue;
 			}
-			zlen = Z_STRLEN_P(value);
+			zlen = (unsigned int)Z_STRLEN_P(value);
 			if ((p + 4 + 4 + q->var_len + zlen) >= (buf + sizeof(buf))) {
 				break;
 			}
@@ -1021,8 +1048,9 @@ static int fcgi_read_request(fcgi_request *req)
 			p += q->var_len;
 			memcpy(p, Z_STRVAL_P(value), zlen);
 			p += zlen;
+			q = q->list_next;
 		}
-		len = p - buf - sizeof(fcgi_header);
+		len = (int)(p - buf - sizeof(fcgi_header));
 		len += fcgi_make_header((fcgi_header*)buf, FCGI_GET_VALUES_RESULT, 0, len);
 		if (safe_write(req, buf, sizeof(fcgi_header)+len) != (int)sizeof(fcgi_header)+len) {
 			req->keep = 0;
@@ -1060,9 +1088,9 @@ int fcgi_read(fcgi_request *req, char *str, int len)
 		}
 
 		if (req->in_len >= rest) {
-			ret = safe_read(req, str, rest);
+			ret = (int)safe_read(req, str, rest);
 		} else {
-			ret = safe_read(req, str, req->in_len);
+			ret = (int)safe_read(req, str, req->in_len);
 		}
 		if (ret < 0) {
 			req->keep = 0;
@@ -1297,7 +1325,7 @@ static inline fcgi_header* open_packet(fcgi_request *req, fcgi_request_type type
 static inline void close_packet(fcgi_request *req)
 {
 	if (req->out_hdr) {
-		int len = req->out_pos - ((unsigned char*)req->out_hdr + sizeof(fcgi_header));
+		int len = (int)(req->out_pos - ((unsigned char*)req->out_hdr + sizeof(fcgi_header)));
 
 		req->out_pos += fcgi_make_header(req->out_hdr, (fcgi_request_type)req->out_hdr->type, req->id, len);
 		req->out_hdr = NULL;
@@ -1310,7 +1338,7 @@ int fcgi_flush(fcgi_request *req, int close)
 
 	close_packet(req);
 
-	len = req->out_pos - req->out_buf;
+	len = (int)(req->out_pos - req->out_buf);
 
 	if (close) {
 		fcgi_end_request_rec *rec = (fcgi_end_request_rec*)(req->out_pos);
@@ -1326,6 +1354,7 @@ int fcgi_flush(fcgi_request *req, int close)
 
 	if (safe_write(req, req->out_buf, len) != len) {
 		req->keep = 0;
+		req->out_pos = req->out_buf;
 		return 0;
 	}
 
@@ -1375,7 +1404,7 @@ int fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int l
 	}
 #else
 	/* Optimized version */
-	limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
+	limit = (int)(sizeof(req->out_buf) - (req->out_pos - req->out_buf));
 	if (!req->out_hdr) {
 		limit -= sizeof(fcgi_header);
 		if (limit < 0) limit = 0;
@@ -1482,7 +1511,7 @@ char* fcgi_putenv(fcgi_request *req, char* var, int var_len, char* val)
 		fcgi_hash_del(&req->env, FCGI_HASH_FUNC(var, var_len), var, var_len);
 		return NULL;
 	} else {
-		return fcgi_hash_set(&req->env, FCGI_HASH_FUNC(var, var_len), var, var_len, val, strlen(val));
+		return fcgi_hash_set(&req->env, FCGI_HASH_FUNC(var, var_len), var, var_len, val, (unsigned int)strlen(val));
 	}
 }
 
@@ -1492,7 +1521,7 @@ char* fcgi_quick_putenv(fcgi_request *req, char* var, int var_len, unsigned int
 		fcgi_hash_del(&req->env, hash_value, var, var_len);
 		return NULL;
 	} else {
-		return fcgi_hash_set(&req->env, hash_value, var, var_len, val, strlen(val));
+		return fcgi_hash_set(&req->env, hash_value, var, var_len, val, (unsigned int)strlen(val));
 	}
 }